Privacy Statement

Last Updated: 13th August 2021.

This Privacy Statement sets out the basis on which we may collect, store, use, and share (“process”) your personal information submitted to us, including through TAIAO Community Platform (“Website”), and comply with the requirements of the New Zealand Privacy Act 2020 (“PA”). In this Privacy Statement “personal information” shall have the meaning set out in the PA. 

For the purposes of this Privacy Statement the terms “we”, “us” and “our” refers to The University of Waikato and its subcontractors headquartered in Hamilton and, “you” and “your” refers to the user of the Website.  

What personal data we collect

We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

Some examples of personal data which we may collect from you include: 

  • name 
  • email address

This Website uses cookies to monitor your browsing preferences. Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide personal data to the owners of the site. 

Most internet browsers give you the option to reject all cookies, accept all cookies, erase cookies stored on your computer or be notified before a cookie is stored on your computer. However, if you reject or erase the cookies referred to above some features of the Website will not function properly or may not be fully available. Please refer to your internet browser instructions if you want to find out more about rejecting or erasing cookies. 

What we use your personal data for

We may use the personal data we collect from you to:

  • provide our services;
  • personalise your experience on this Website;
  • respond to you;
  • improve this Website;
  • send you emails;
  • prevent illegal activity that threatens the Website, our computer systems or networks;
  • comply with any applicable laws and/or regulations, and;
  • comply with any contract with users.

We may also use personal data collected from you through the Website in an aggregated or anonymised form without your prior consent. We do not consider such aggregated or anonymised personal data to be personal data.

Why we might share your personal data with third parties

We may share your personal data with third parties who assist us in delivering our services, including operating this Website. We may also share your personal data to comply with applicable laws and/or regulations or to protect our property or safety or that of others. Any such third parties whom we engage will be bound contractually to keep all information confidential.

How to withdraw your consent 

The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to the Data Protection Officer at the contact details provided below.

Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

How to access your personal data

You can use the Website to access basic personal data we hold about you at any time. Alternatively, you can request a copy of your personal data by contacting the Data Protection Officer. 

How to correct or delete your personal data

If you think any of the personal data we hold about you is wrong, you can ask us to correct it. Where we have retained your personal data for purposes that are not directly related to the performance of a contract or to our legitimate business interests – you can ask us to delete it. 

If we are unable to correct or delete your personal data (for example, where we do not agree that it is wrong, or we need the personal data for a lawful purpose), we will tell you why. You can ask us to attach your correction request to the personal data as a statement of correction and send this to the Data Protection Officer. 

Transfer of personal data 

Where we can, we will only send personal data to countries that have equivalent or higher privacy standards to those in New Zealand. We have designed our privacy processes to meet the requirements of these standards and have high expectations of all the third parties which process data for us. We take reasonable steps to ensure that these expectations are met wherever in the world your personal data is.

Retention of personal data

We retain personal data only for as long as we have a lawful purpose to use it. When we no longer need to use it, we securely destroy it. We also make sure that any data service providers which hold personal data on our behalf destroy the personal data we no longer need.

How we protect your personal data

We have implemented generally accepted standards of technology and operational security to protect the personal data in our possession or under our control and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. 

Most of the personal data we hold is stored on the Catalyst Cloud platform in New Zealand. Catalyst Cloud takes privacy seriously and has a number of safeguards in place to protect the personal data it holds on our behalf. You can read more about Catalyst Cloud’s privacy and compliance practices here. You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

Accessing, correcting or deleting your personal information?

You have the right to request access to, and under certain conditions, the correction or deletion of, the personal information we hold about you. If we are unable to correct or delete your personal information (for example, where we do not agree that it is wrong, or we need the personal information for a lawful purpose), we will tell you.

Please email your request to our Privacy Officer at Please note that we may ask for additional information to verify your identity.

Changes to this Notice

We reserve the right to modify or amend this Privacy Statement at any time.  If we do make any changes to the Notice you will be asked to accept these when you next log into the Website. The effective date will be displayed at the beginning of this Privacy Statement.

I understand that by accessing the Website I agree to the terms of this Notice